3.
Quick Introduction to Cloud Computing I

“Cloud computing is a term from information technology (IT) and means that software, memory capacity and computer power can be accessed via a network, for instance, the Internet or within a Virtual Private Network (VPN), as and when it is needed. The IT landscape (e.g. data processing centre, data storage facilities, e-mail and collaboration software, development environments and special software such as Customer Relationship Management [CRM]) is no longer owned and run by the company or institution, but is a service which can be rented from one or more cloud service providers” [1]

Ankit Singh The Security and Privacy Threats to Cloud Computing

6.
List of Threats to Cloud Computing [4] I

1. Abuse of Cloud Computing
   Affected services: IaaS, PaaS
   - The service is abused thanks to the anonymity that loose registration and validation processes allow.
   - Adversaries use these models for spamming, writing malicious code, etc.
2. Insecure Interfaces and APIs
   Affected services: IaaS, PaaS, SaaS
   - Service providers give customers interfaces or APIs to manage and interact with cloud services.
   - The security and availability of cloud services depend on the security of these basic APIs.
   - Interfaces must be designed to protect against accidental and malicious attempts to circumvent policy.

7.
List of Threats to Cloud Computing [4] II

3. Malicious Insiders
   Affected services: IaaS, PaaS, SaaS
   - An adversary can harvest confidential data or gain complete control over cloud services, depending on the level of access.
4. Shared Technology Issues
   Affected services: IaaS
   - Disk partitions, CPU caches, GPUs and other shared elements were never designed for strong compartmentalization.
   - A virtualization hypervisor addresses this gap by mediating access between guest operating systems and physical compute resources.
   - Hypervisors can have flaws that may result in gaining inappropriate levels of control or influence over the underlying platform.

8.
List of Threats to Cloud Computing [4] III

5. Data Loss or Leakage
   Affected services: IaaS, PaaS, SaaS
   - Deletion or alteration of records without a backup of the original content.
   - Unlinking a record from a larger context may render it unrecoverable.
   - Unauthorized parties must be prevented from gaining access to sensitive data.
   - Examples: insufficient authentication, authorization and audit (AAA) controls.

9.
List of Threats to Cloud Computing [4] IV

6. Account or Service Hijacking
   Affected services: IaaS, PaaS, SaaS
   - Attack methods such as phishing, fraud and exploitation of software vulnerabilities still achieve results. Credentials and passwords are often reused.
7. Unknown Risk Profile
   Affected services: IaaS, PaaS, SaaS
   - Software versions, code updates, security practices, vulnerability profiles and intrusion attempts are the factors for estimating a company's security posture.
   - Some questions need to be addressed, such as: How are data and related logs stored, and who has access to them? What information may be disclosed in case of a security breach?

10.
Security weakness in Cloud Computing I

Cloud providers fail to provide encryption to their users:
- Cloud service providers do not provide encrypted access to their Web applications.

Man-in-the-middle attacks:
- The attacker redirects traffic between a client and a server through a machine the attacker controls.
- Achieved by forging DNS packets, DNS cache poisoning, or ARP spoofing.
- Prevention: DNSSEC and HTTPS/TLS are two technologies which can prevent this attack.
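One way to check a provider's Web application for the missing-encryption weakness described above (an added example, not part of the original slides). It goes beyond the slide by also checking HSTS and the cookie Secure attribute, which keep a browser on HTTPS once a man in the middle is present; the host name and responses are constructed.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def hsts_max_age(value):
    """Return max-age in seconds from a Strict-Transport-Security value, or None."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age" and arg.strip('"').isdigit():
            return int(arg.strip('"'))
    return None

def audit_response(url, status, headers):
    """Findings for one response; headers is a list of (name, value) pairs."""
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)
    cookies = by_name.get("set-cookie", [])
    findings = []
    if urlsplit(url).scheme.lower() != "https":
        target = by_name.get("location", [""])[0]
        if status not in REDIRECTS or urlsplit(target).scheme.lower() != "https":
            findings.append("no-https-upgrade")
        if cookies:
            findings.append("cookie-set-over-plaintext")
        return findings  # browsers ignore HSTS received over plain HTTP
    ages = [hsts_max_age(v) for v in by_name.get("strict-transport-security", [])]
    if not any(ages):  # header absent, unparsable, or max-age=0
        findings.append("hsts-missing-or-zero")
    for cookie in cookies:
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:
            findings.append("cookie-without-secure:" + cookie.split("=", 1)[0].strip())
    return findings

# Constructed sample responses (host name is a placeholder, not from the slides).
SAMPLES = [
    ("http://webmail.example.test/login", 200, [("Set-Cookie", "sid=abc; HttpOnly")]),
    ("http://webmail.example.test/", 301, [("Location", "https://webmail.example.test/")]),
    ("https://webmail.example.test/", 200, [("Set-Cookie", "sid=abc; HttpOnly")]),
    ("https://webmail.example.test/", 200,
     [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
      ("Set-Cookie", "sid=abc; Secure; HttpOnly")]),
]

def audit_all(samples=SAMPLES):
    return [audit_response(*s) for s in samples]

if __name__ == "__main__":
    for sample, result in zip(SAMPLES, audit_all()):
        print(sample[0], sample[1], result or "ok")
```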

11.
Security weakness in Cloud Computing II

Data encryption caveats:
- Where will the encryption key be stored?
- Where will the encryption and decryption processes be performed?

User interface attacks:
- A Web browser is used for accessing Web applications. Thus, the browser's user interface becomes an important security factor.
- Example: An attacker tries to fool the user into thinking that she is visiting a real website instead of a forgery. Techniques used here include fake HTTPS lock icons.

15.
Government and the Cloud [2] I

United States:
- One of the most important legal tools used by the U.S. Government to force cloud providers to hand them users' private data is the third-party doctrine.
- Other relevant laws include the Wiretap Act, the All Writs Act and the Foreign Intelligence Surveillance Act.
- Example: Facebook can provide complete profile information and uploaded photos to law enforcement irrespective of her privacy

16.
Government and the Cloud [2] II

Germany:
- §§111 and 112 of the 2004 Telecommunications Act (Telekommunikationsgesetz in German) allow the government to force telecommunication service providers (which include cloud service providers like webmail) to hand over information such as a customer's name, address, birthdate, and email address, without a court order, through an automated query system that includes a search function in case law enforcement has incomplete request data.
- Example: A case of court-ordered surveillance in Germany is the Java Anonymous Proxy (JAP), an open-source software for anonymously browsing websites.

17.
The TClouds Project I

Trustworthy Clouds (TClouds) is a European Commission funded project.

GOAL: To develop a trustworthy cloud computing infrastructure, which enables a comprehensible and audit-proof processing of personal or otherwise sensitive data in a cloud without limiting the solution to just a physically separated private cloud [6].

Target Scenarios:
- Energy Sector: Portugal's leading energy supplier Energias de Portugal (EDP) and electronics company EFACEC in the field of smart power grids
- Healthcare Sector: Italian hospital San Raffaele in Milano

19.
Conclusion I

- Cloud computing is an upcoming field due to the attractive services offered by cloud computing service providers.
- Privacy and data security are the biggest challenges when it comes to storing and processing critical business or personal data in a cloud.
- There are many challenges that we can only face if we understand what we are dealing with, how it may affect us and which possible solutions exist.
- We must convince cloud providers and users of the importance of implementing available security technologies.

20.
Conclusion II

- The requirements of national and international data protection laws are a major concern.
- As a consequence, this leads to stronger market growth of the so-called private and community clouds, which are aligned more closely to the specific requirements of single customers or a narrowly defined user group.
- Sensitive and private data should not be put in the cloud, given current security threats.